-
Notifications
You must be signed in to change notification settings - Fork 100
/
Dockerfile.production
111 lines (98 loc) · 3.43 KB
/
Dockerfile.production
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# Building stage
FROM ruby:3.2-bookworm AS builder
RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
RUN \
--mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
apt-get update -qq && \
apt-get install -y --no-install-recommends \
libssl-dev \
nodejs \
yarnpkg \
postgresql-client
ENV APP_HOME /usr/src/app
ENV RAILS_ENV=production
ENV GEM_HOME=$APP_HOME/vendor/bundle/ruby/3.2.0
ENV PATH=$GEM_HOME/bin:/usr/share/nodejs/yarn/bin:$PATH
ENV BUNDLE_APP_CONFIG=.bundle
ENV BUNDLE_BUILD__SASSC=--disable-march-tune-native
COPY . $APP_HOME
RUN rm -f $APP_HOME/config/application.yml $APP_HOME/production.env
WORKDIR $APP_HOME
RUN \
--mount=target=/usr/src/app/tmp/bundle,type=cache \
bundle config set without 'development test' && \
bundle config set path '/usr/src/app/tmp/bundle' && \
bundle install --jobs `nproc` && \
cp -r tmp/bundle/ vendor && \
rm -rf vendor/bundle/ruby/3.2.0/cache && \
find vendor/bundle/ruby -type d -name '.git' -exec rm -rf {} + && \
bundle config --local path vendor/bundle
RUN \
--mount=type=cache,target=/usr/local/share/.cache/yarn/v6,sharing=locked \
--mount=type=cache,target=/usr/src/app/node_modules,sharing=locked \
DATABASE_URL=postgresql://postgres@db/scinote_production \
SECRET_KEY_BASE=dummy \
DEFACE_ENABLED=true \
bash -c "rake assets:precompile && rake deface:precompile && rm -rf ./tmp/cache"
# Final stage
FROM ruby:3.2-bookworm AS runner
MAINTAINER SciNote <[email protected]>
RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
RUN \
--mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
DEBIAN_FRONTEND=noninteractive \
apt-get update -qq && \
apt-get install -y --no-install-recommends \
fonts-droid-fallback \
fonts-noto-mono \
fonts-wqy-microhei \
fonts-wqy-zenhei
RUN \
--mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
DEBIAN_FRONTEND=noninteractive \
apt-get update -qq && \
apt-get install -y --no-install-recommends \
default-jre-headless \
ca-certificates-java && \
apt-get install -y --no-install-recommends \
libjemalloc2 \
groff-base \
postgresql-client \
nodejs \
awscli \
netcat-openbsd \
poppler-utils \
librsvg2-2 \
libvips42 \
graphviz \
chromium \
chromium-sandbox \
libfile-mimeinfo-perl \
yarnpkg && \
/usr/share/nodejs/yarn/bin/yarn add puppeteer@npm:puppeteer-core@^22.15.0 && \
apt-get install -y libreoffice && \
ln -s /usr/lib/x86_64-linux-gnu/libvips.so.42 /usr/lib/x86_64-linux-gnu/libvips.so
ARG BUILD_TIMESTAMP=1
RUN \
--mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
touch /etc/build-${BUILD_TIMESTAMP} && \
DEBIAN_FRONTEND=noninteractive \
apt-get remove -y *-dev && \
apt-get autoremove -y && \
apt-get update -qq && \
apt-get upgrade -y && \
rm -rf /var/lib/apt/lists/*
ENV APP_HOME /usr/src/app
ENV RAILS_ENV=production
ENV GEM_HOME=$APP_HOME/vendor/bundle/ruby/3.2.0
ENV PATH=$GEM_HOME/bin:$PATH
ENV BUNDLE_APP_CONFIG=.bundle
RUN adduser --uid 1000 scinote
USER scinote
COPY --from=builder --chown=scinote:scinote $APP_HOME $APP_HOME
WORKDIR $APP_HOME
CMD rails s -b 0.0.0.0